The National Security Agency is researching opportunities to collect foreign intelligence — including the possibility of exploiting internet-connected biomedical devices like pacemakers, according to a senior official.
“We’re looking at it sort of theoretically from a research point of view right now,” Richard Ledgett, the NSA’s deputy director, said at a conference on military technology at Washington’s Newseum on Friday.
Biomedical devices could be a new source of information for the NSA’s data hoards — “maybe a niche kind of thing … a tool in the toolbox,” he said, though he added that there are easier ways to keep track of overseas terrorists and foreign intelligence agents.
When asked if the entire scope of the Internet of Things — billions of interconnected devices — would be “a security nightmare or a signals intelligence bonanza,” he replied, “Both.”
“As my job is to penetrate other people’s networks, complexity is my friend,” he said. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.”
When the agency is looking to exploit different new devices, the NSA has to prioritize its resources, which are usually focused on the “bad guys’” tech of choice rather than popular gadgets in the U.S., Ledgett explained.
That’s why the NSA wasn’t able to help the FBI crack the iPhone of the San Bernardino shooter, he said, because the agency hadn’t invested in exploiting that particular model of phone. “We don’t do every phone, every variation of phone,” he said. “If we don’t have a bad guy who’s using it, we don’t do that.”
Ledgett isn’t the only intelligence official to identify the growing Internet of Things as a possibility for global spying. The Director of National Intelligence himself said during a Senate hearing on worldwide threats in February that interconnected devices could be useful “for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
Our IP Address: